The latest articles on DEV Community by Whitehat83 (@whitehat83). https://dev.to/whitehat83 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1171966%2Ff251dd25-3fc8-436c-aff4-34ce272c419d.png https://dev.to/whitehat83 en Whitehat83 Tue, 20 Aug 2024 16:57:46 +0000 https://dev.to/whitehat83/how-to-set-up-a-honeypot-in-10-minutes-36ko https://dev.to/whitehat83/how-to-set-up-a-honeypot-in-10-minutes-36ko <p>What is a honeypot you may ask? What is its significance and why is it crucial that we set one up? Honeypots are essentially decoy servers deployed alongside of your actual system in the network. Its purpose is to attract malicious attackers trying to get into your network. Honeypots can misdirect assailants and their constituents from getting into your network. It can also help serve as a great way to add security monitoring opportunities for blue teams.</p> <p>Here’s how to entice possible attackers into a honeypot trap with Kali Linux.</p> <p>You’ll need a Kali Linux box and download a tool called pentbox.</p> <p>Open the terminal and download pentbox with the command.</p> <p>wget <a href="http://downloads.sourceforge.net/project/pentbox18realised/pentbox-1.8.tar.gz" rel="noopener noreferrer">http://downloads.sourceforge.net/project/pentbox18realised/pentbox-1.8.tar.gz</a></p> <p>What this command does is point it to this website and download the tool.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2btt674eej7ehvo7gejs.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2btt674eej7ehvo7gejs.png" alt="Image description" width="720" height="38"></a></p> <p>Find it in your directory, which ever it may be, mine happens to be at home directory.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fosu42dkww811gh3dte0p.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fosu42dkww811gh3dte0p.png" alt="Image description" width="720" height="239"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqq3a9psp4glj5f1ltkgn.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqq3a9psp4glj5f1ltkgn.png" alt="Image description" width="549" height="29"></a></p> <p>tar xvfz pentbox-1.8.tar.gz</p> <p>Then we run the command to “unload” the tools. The tar command is used to rip a collection of files and directories into a highly compressed archive file commonly called tarball.</p> <p>Then we execute the following command ./pentbox.rb</p> <p>And then, following should pop up.</p> <p>Now the juicy part, the reason why we’re here. To lure the attackers.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fav1ny85swqenor6j31lk.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fav1ny85swqenor6j31lk.png" alt="Image description" width="720" height="613"></a></p> <p>From here we select 2 for Network tools and then 3 for Honeypot.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F609chc5hdj9qmfxyg4jf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F609chc5hdj9qmfxyg4jf.png" alt="Image description" width="720" height="564"></a></p> <p>Then select option 1 for Fast Auto Configuration. Once this is selected, it will launch the honey pot and default to port 80.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz5hkyw499ewnt50bbem6.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz5hkyw499ewnt50bbem6.png" alt="Image description" width="720" height="682"></a></p> <p>Now open a web browser on another machine such as your host machine and point it to the IP address on your kali machine. My Kali box IP was 10.0.2.4. You can use the commands ip address or ifconfig | grep inet.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Freinbvo7t9xovwmuwuiz.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Freinbvo7t9xovwmuwuiz.png" alt="Image description" width="720" height="338"></a></p> <p>You should get an access denied and if you did that’s right.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F47018g7lpfezg5i6ez1a.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F47018g7lpfezg5i6ez1a.png" alt="Image description" width="416" height="304"></a></p> <p>You should see the following.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu5zajhhetvdq5fh7wfd3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu5zajhhetvdq5fh7wfd3.png" alt="Image description" width="720" height="423"></a></p> <p>If you would like to dig deeper and have your honeypot listen to a specific port. You would run bentbox as such and select 2 and then 3 followed by 2. When the script prompts you to enter a port type in 22. Port 22 is the for SSH</p> <p>When I try to SSH in to the IP address I get the following “INTRUSION ATTEMPT DETECTED!”</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy5k2llola41r5gobn999.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy5k2llola41r5gobn999.png" alt="Image description" width="720" height="45"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc86y1t9dw4agbifrsh2z.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc86y1t9dw4agbifrsh2z.png" alt="Image description" width="720" height="559"></a></p> <p>you can see the attempt was logged and where the IP was originated from.</p> <p>Congrats! Now you have successfully set up your Honeypot!</p>